Security Basics mailing list archives
RE: Anonymous LogOff and UDP Out Connections
From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Tue, 09 Sep 2003 10:43:52 -0500
Mark - Perhaps you noticed that 61.111.x.x is Korean address space? Have you used a web server in that space recently? Logon Type: 3 are network logon events. The logon events and connections to UDP 53 are related, as explained in this list archive: http://www.netsys.com/firewalls/firewalls-2000-03/msg00126.html Cheers, Joey Peloquin -----Original Message----- From: Mark Sargent [mailto:powderkeg () snow email ne jp] Sent: Tuesday, September 09, 2003 12:14 AM To: Security-Basics@Securityfocus. Com Subject: Anonymous LogOff and UDP Out Connections Hi All, When activating the LAN, I notice numerous UDP packet attempts to a number of different IPs, 61.111.253.229 61.111.93.64 61.111.31.214 on the Host machine. All attempts are from the localhost on port 137 to owner;stystem on 137. What are thse attempts. Also, I'm seeing numerous LogOff alerts in Security Event Viewer. User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0xBC852) Logon Type: 3 User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0xB9BB8) Logon Type: 3 User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0xB1C26) Logon Type: 3 16 in the past 2-3hrs. I'm also getting a lot of attempts from the Client, 192.168.0.2 to connect to port localhost on port 53, UDP(there is no owner). What is all of this..? I'm stealthed according to the security checks here on this site and grc.com. Any help appreciated. Cheers. OS = Win2kPro(both Host(192.168.0.1) and Client(192.168.0.2)) Firewall = Kerio Connection = ISDN ------------------------------------------------------------------------ --- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ------------------------------------------------------------------------ ----
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer.
--------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Anonymous LogOff and UDP Out Connections Mark Sargent (Sep 09)
- RE: Anonymous LogOff and UDP Out Connections Joey Peloquin (Sep 09)
- RE: Anonymous LogOff and UDP Out Connections Mark Sargent (Sep 09)
- Re: Anonymous LogOff and UDP Out Connections GSimmonds (Sep 10)
- RE: Anonymous LogOff and UDP Out Connections Joey Peloquin (Sep 09)